Biometric technologies offer better security mechanisms over traditional authentication methods, like password based ones, given the fact that the biometric feature is a unique physiological characteristic that is always present and, depending on the method used, may not be visible to other people. However, one concern is that some biometric techniques have certain hardware and response time requirements that make them inappropriate for mobile devices and cards.
Fingerprint is a popular biometric technique and has been used for over 100 years in different applications, including authentication on mobile phones. But fingerprint authentication can fail if the fingerprint is damaged or, in a worst case scenario, spoofed by an attacker that captures the prints left by users on objects. This vulnerability has been demonstrated with commercial mobile phones that use fingerprints.
Electrocardiogram (referred to as ECG or EKG) methods have the advantage of concealing the biometric features during authentication. However, complex hardware is required to acquire this signal, making it hard to implement in mobile devices. Current ECG authentication algorithms are not designed to work in mobile environments given the fact that they require lengthy ECG signals or need to be combined with other biometric methods in order to achieve satisfactory results.
The use of cards for financial transactions or secure access has become indispensable in the last few decades. This popularity has also been accompanied by security concerns. Traditional cards do not support biometric authentication and therefore are not explicitly associated with their owner. Financial institutions have tried to address this problem through the introduction of PINs (Personal Verification Numbers) and integrated circuits on cards. These features remain only useful for contact cards (the type that is inserted into readers). This has decreased the number of breaches, but passive attacks (PIN theft or signature forging) are still problematic.
Mobile devices such as smart phones have become indispensable gadgets for numerous functions. Users are becoming more comfortable with the idea of storing highly private information such as emails, photos, and other sensitive documents on such devices. The popular mobile login methods rely on numerical or graphical passwords. These techniques are vulnerable to passive attacks instigated by individuals watching from a short distance in order to see the phone screen or the movement of the fingers with the goal of stealing the password.
Accordingly, systems and methods that enable biometric authentication on cards or mobile devices remain highly desirable.
It will be noted that throughout the appended drawings, like features are identified by like reference numerals.